From owner-freebsd-hackers@FreeBSD.ORG Sat Dec 11 08:29:09 2004 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 08C6016A4CE for ; Sat, 11 Dec 2004 08:29:09 +0000 (GMT) Received: from visp.engelschall.com (visp.engelschall.com [195.27.176.148]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9295743D58 for ; Sat, 11 Dec 2004 08:29:08 +0000 (GMT) (envelope-from rse@engelschall.com) Received: by visp.engelschall.com (Postfix, from userid 1005) id 53D0E4CE5AC; Sat, 11 Dec 2004 09:29:16 +0100 (CET) Received: by en1.engelschall.com (Postfix, from userid 10000) id 42DE2A17A7; Sat, 11 Dec 2004 09:28:57 +0100 (CET) Date: Sat, 11 Dec 2004 09:28:57 +0100 From: "Ralf S. Engelschall" To: freebsd-hackers@freebsd.org Message-ID: <20041211082857.GA5218@engelschall.com> References: <20041210180332.GA27788@engelschall.com> <20041210234157.478BF840325@mail.npubs.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20041210234157.478BF840325@mail.npubs.com> User-Agent: Mutt/1.4.2.1i Organization: FreeBSD Subject: Re: rc.shutdown and jails X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Ralf S. Engelschall" List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Dec 2004 08:29:09 -0000 On Fri, Dec 10, 2004, Nielsen wrote: > Ralf S. Engelschall wrote: > >Currently a "/etc/rc.d/jail stop" just kills all processes in the > >individual jails. If /etc/default/rc.conf's default way of booting the > >jails (jail_exec="/bin/sh /etc/rc") is used this is a rather crual > >approach IMHO. I think if the jail is booted through /etc/rc it also > >should be given the chance to shutdown via /etc/rc.shutdown. If then > >there are still processes remaining, the killall(1) is fine, of course. > >This way packages and other sub-systems have the chance to perform a > >graceful shutdown. > > Definitely a good plan. You just have to watch out for environment > variable leakage into the jail subsystem when using jexec. A minor > concern, perhaps. > [...] Ok, good point. I think running "env -i /usr/sbin/jexec" instead of just "jexec" is sufficient here because the rc.shutdown reinitializes at least PATH and HOME again and the remaining variables should be not needed for the procedure. -- rse@FreeBSD.org Ralf S. Engelschall FreeBSD.org/~rse rse@engelschall.com FreeBSD committer www.engelschall.com